
1282 matches found

Github Security Blog
added 2020/07/30 2:58 p.m. · 45 views

False-positive validity for NFT1 genesis transactions

Impact In the npm package named "slp-validate", versions prior to 1.2.2 are vulnerable to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any o...

7.5 CVSS · 0.9 AI score · 0.01036 EPSS
Exploits 0 · References 4 · Affected Software 1
OSV
added 2020/07/30 2:58 p.m. · 22 views

GHSA-6JMR-JFH7-XG3H False-positive validity for NFT1 genesis transactions

Impact In the npm package named "slp-validate", versions prior to 1.2.2 are vulnerable to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any o...

7.5 CVSS · 7.5 AI score · 0.01036 EPSS
Exploits 0 · References 3
OSV
added 2020/07/22 9:49 p.m. · 14 views

OSV-2020-1178 Global-buffer-overflow in arrow::Status arrow::VisitArrayInline<arrow::internal::ValidateArrayDataVisitor>

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20203 Crash type: Global-buffer-overflow READ 1 Crash state: arrow::Status arrow::VisitArrayInline arrow::Status arrow::internal::ValidateArrayDataVisitor::ValidateListArray...

7.2 AI score
Exploits 0 · References 1
OSV
added 2020/07/22 12:0 a.m. · 11 views

OSV-2020-917 Heap-buffer-overflow in arrow::Status arrow::VisitArrayInline<arrow::internal::ValidateArrayVisitor>

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21039 Crash type: Heap-buffer-overflow READ 4 Crash state: arrow::Status arrow::VisitArrayInline arrow::internal::ValidateArray arrow::RecordBatch::Validate...

7.2 AI score
Exploits 0 · References 1
OSV
added 2020/06/24 1:51 a.m. · 9 views

OSV-2020-57 Stack-buffer-overflow in ot::NetworkData::PrefixTlv::GetPrefixLength

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23267 Crash type: Stack-buffer-overflow READ 1 Crash state: ot::NetworkData::PrefixTlv::GetPrefixLength ot::NetworkData::NetworkData::FindPrefix ot::NetworkData::Leader::Validate...

7.2 AI score
Exploits 0 · References 1
RedHat Linux
added 2020/06/22 1:8 p.m. · 5 views

libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c

A memory leak was found in the xmlSchemaValidateStream function of libxml2. Applications that use this library may be vulnerable to memory not being freed leading to a denial of service. System availability is the highest threat from this vulnerability...

7.5 CVSS · 7 AI score · 0.04387 EPSS
Exploits 0 · References 4
OSV
added 2020/06/12 4:15 p.m. · 1 views

DEBIAN-CVE-2020-4048

In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release...

5.7 CVSS · 6.1 AI score · 0.02328 EPSS
Exploits 0 · References 1
Positive Technologies
added 2020/06/12 12:0 a.m. · 2 views

PT-2020-3637 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.4.2 WordPress versions 5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34 Description: The issue is related to an unintended/open...

9.8 CVSS · 5.3 AI score · 0.0451 EPSS
Exploits 0 · References 41
Github Security Blog
added 2020/06/10 8:2 p.m. · 41 views

Validation Bypass in schema-inspector

In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the sanitize and the validate function used within schema-inspector...

9.8 CVSS · 1.6 AI score · 0.01392 EPSS
Exploits 0 · References 4 · Affected Software 1
NVD
added 2020/05/12 1:15 a.m. · 26 views

CVE-2020-11072

In SLP Validate npm package slp-validate before version 1.2.1, users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. Th...

8.6 CVSS · 8.6 AI score · 0.01036 EPSS
Exploits 0 · References 2
OSV
added 2020/05/12 1:15 a.m. · 17 views

CVE-2020-11072

In SLP Validate npm package slp-validate before version 1.2.1, users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. Th...

8.6 CVSS · 8.6 AI score
Exploits 0 · References 2
Prion
added 2020/05/12 1:15 a.m. · 20 views

Input validation

In SLP Validate npm package slp-validate before version 1.2.1, users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. Th...

5 CVSS · 8.5 AI score · 0.01036 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2020/05/12 12:45 a.m. · 16 views

GHSA-4W97-57V2-3W44 False-negative validation results in MINT transactions with invalid baton

Impact Users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. Patches npm package slp-validate has been patched and...

8.6 CVSS · 8.5 AI score · 0.01036 EPSS
Exploits 0 · References 4
Github Security Blog
added 2020/05/12 12:45 a.m. · 67 views

False-negative validation results in MINT transactions with invalid baton

Impact Users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. Patches npm package slp-validate has been patched and...

8.6 CVSS · 2.8 AI score · 0.01036 EPSS
Exploits 0 · References 5 · Affected Software 1
Cvelist
added 2020/05/12 12:45 a.m. · 33 views

CVE-2020-11072 False-negative validation results in MINT transactions with invalid baton

In SLP Validate npm package slp-validate before version 1.2.1, users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. Th...

8.6 CVSS · 8.6 AI score · 0.01036 EPSS
Exploits 0 · References 2
CVE
added 2020/05/12 12:45 a.m. · 76 views

CVE-2020-11072

In CVE-2020-11072, the npm package slp-validate (before version 1.2.1) could produce false-negative validation outcomes for MINT transactions, enabling a poorly implemented SLP wallet to spend affected tokens and destroy a user’s minting baton. The issue is fixed in slp-validate version 1.2.1. A ...

8.6 CVSS · 8.4 AI score · 0.01036 EPSS
Exploits 0 · References 2 · Affected Software 1
CNVD
added 2020/05/12 12:0 a.m. · 10 views

Unspecified vulnerability in slp-validate

slp-validate is a lightweight SLP Simple Ledger Protocol validator with features such as pre-broadcast validation and burn protection. slpjs is a JavaScript library for validating and building Simple Ledger Protocol SLP. A security vulnerability exists in versions of slp-validate prior to 1.2.1,...

8.6 CVSS · 6.7 AI score · 0.01036 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2020/04/29 12:0 a.m. · 63 views

Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4345-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4345-1 advisory. Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondar...

7.5 CVSS · 7.5 AI score · 0.0415 EPSS
Exploits 2 · References 10
Github Security Blog
added 2020/04/03 3:23 p.m. · 111 views

Improper Neutralization of CRLF Sequences in HTTP Headers in Jooby ('HTTP Response Splitting')

Impact - Cross Site Scripting - Cache Poisoning - Page Hijacking Patches This was fixed in version 2.2.1. Workarounds If you are unable to update, ensure that user supplied data isn't able to flow to HTTP headers. If it does, pre-sanitize for CRLF characters. References CWE-113: Improper...

9.8 CVSS · 0.1 AI score · 0.01563 EPSS
Exploits 1 · References 5 · Affected Software 1
OpenVAS
added 2020/03/27 12:0 a.m. · 6 views

ZSQL: Check for users with GRANT ANY PRIVILEGE permission

Searches for users with GRANT ANY PRIVILEGE permission and checks whether they are authorized to have it. Users with this permission can grant any permission to any user. Therefore, grant this permission only when absolutely necessary. Copyright C 2020 Greenbone Networks GmbH Some text descriptio...

7.3 AI score
Exploits 0 · References 1